.\" This is part of a set of commands and information released under the OpenCALEA Project.
.\" http://www.opencalea.org/
.\" 
.\" OpenCalea is distributed under the terms of the modified BSD license:
.\" 
.\" /*
.\" * Copyright (c) 2007, Merit Network, Inc.
.\" * All rights reserved.
.\" *
.\" * Redistribution and use in source and binary forms, with or without
.\" * modification, are permitted provided that the following conditions are met:
.\" *
.\" *     * Redistributions of source code must retain the above copyright
.\" *       notice, this list of conditions and the following disclaimer.
.\" *     * Redistributions in binary form must reproduce the above copyright
.\" *       notice, this list of conditions and the following disclaimer in the
.\" *       documentation and/or other materials provided with the distribution.
.\" *     * Neither the name of Merit Network, Inc. nor the names of its
.\" *       contributors may be used to endorse or promote products derived
.\" *       from this software without specific prior written permission.
.\" *
.\" * THIS SOFTWARE IS PROVIDED BY MERIT NETWORK, INC. ``AS IS'' AND ANY
.\" * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
.\" * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
.\" * DISCLAIMED. IN NO EVENT SHALL MERIT NETWORK, INC. BE LIABLE FOR ANY
.\" * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
.\" * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
.\" * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
.\" * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\" */
.TH "lea_collector" "8" "svn-20070502" "The OpenCALEA Project" "OpenCALEA"
.SH "NAME"
.LP 
lea_collector \- OpenCALEA Law Enforcement Agency (LEA) Collection Function (CF)
.SH "SYNTAX"
.LP 
\fBlea_collector\fR
\fB\-t\fR \fIcmii\-capture\-file\fR
[\fB\-f\fR \fIcmc\-capture\-file\fR]
[\fB\-b\fR \fIbind\-addr\fR]
[\fB\-u\fR \fIuser\fR]
[\fB\-g\fR \fIgroup\fR]
[\fB\-m\fR \fIcmc\-port\fR]
[\fB\-n\fR \fIcmii\-port\fR]
[\fB\-x\fR]
[\fB\-v\fR [\fI...\fR]]
[\fB\-D\fR \fIdebug\-file\fR]
[\fB\-l\fR \fIlog\-level\fR]
[\fB\-L\fR \fIlogfile\fR]
.SH "DESCRIPTION"
.LP 
This program is a LEA (Law Enforcement Agency) CF (Collection Function) from the OpenCALEA project.  It currently only accepts data from one or more \fItap\fR(8) programs, outputs a plaintext \fIcmii\-capture\-file\fR and optionally also a \fIcmc\-capture\-file\fR in pcap format.
.LP 
\fBlea_collector\fR(8) is planned to undergo substantial redesign with the implementation of \fBdf_collector\fR(8).
.SH "OPTIONS"
.LP 

.TP 
\fB\-t\fR \fIcmii\-capture\-file\fR
Specify the file to write CmII data to (plaintext).
.br 
Default: none.

.TP 
\fB\-f\fR \fIcmc\-capture\-file\fR
Specify file to save CmC data to (pcap format).
\fBlea_collector\fR will not listen on the
\fIcmc\-port\fR if you do not use this option.
.br 
Default: none.

.TP 
\fB\-b\fR \fIbind\-addr\fR
Specifies the ip address to bind to.
.br 
Default: \fBBind_Addr\fR from config file or 0.0.0.0 (any)

.TP 
\fB\-u\fR \fIuser\fR
Specifies the \fIuser\fR to change to if run as root.
.br 
Default: \fBUser\fR from config file or \fBcalea\fR.

.TP 
\fB\-g\fR \fIgroup\fR
Specifies the \fIgroup\fR to change to if run as root.
.br 
Default: \fBGroup\fR from config file or \fBcalea\fR.

.TP 
\fB\-m\fR \fIcmc\-port\fR
Specifies the \fIport\fR to listen on for CmC data.
Requires \fB\-f\fR to be specified.
.br 
Default: \fBCmC_Port\fR from config file or \fB6666\fR (this will change).

.TP 
\fB\-n\fR \fIcmii\-port\fR
Specifies the \fIport\fR to listen on for CmII data.
.br 
Default: \fBCmII_Port\fR from config file or \fB6667\fR (this will change).

.TP 
\fB\-x\fR
Enable cooked format.  A description of that would be great.
.br 
Default: disabled.

.TP 
\fB\-v\fR [\fI...\fR]
Enable debugging (\fB\-d\fR was taken).  Use multiple times to increase verbosity.
.br 
Default: \fBDebug_Level\fR from config file or off.

.TP 
\fB\-D\fR \fIdebug\-file\fR
Specifies where to debug to.
Valid values are \fBstdout\fR, \fBstderr\fR, \fBsyslog\fR or a \fIfilename\fR.
.br 
Default: \fBDebug_Destination\fR from config file or \fBsyslog\fR.

.TP 
\fB\-l\fR \fIlog\-level\fR
Specifies log level.
\fIlog\-level\fR should be a numeric value from \fB1\fR (least) to \fB5\fR (most).
.br 
Default: \fBLog_Level\fR from config file or \fB1\fR.

.TP 
\fB\-L\fR \fIlogfile\fR
Specifies where to log to.
Valid values are \fBstdout\fR, \fBstderr\fR, \fBsyslog\fR or a \fIfilename\fR.
.br 
Default: \fBLog_Destination\fR from config file or \fBsyslog\fR.
.SH "FILES"
.LP 
    \fBNote: config files are not yet used\fR

.TP 
\fI/etc/opencalea/opencalea.conf\fP
OpenCALEA shared settings
.TP 
\fI/etc/opencalea/lea_collector.conf\fP
\fIlea_collector\fR(8) specific configuration
.SH "EXAMPLES"
.LP 
To run \fBlea_collector\fR(8) saving CmII data to /tmp/output.txt:
.LP 
\fBlea_collector\fR
\fB\-t\fR /tmp/output.txt
.LP 
To run \fBlea_collector\fR(8) as \fIuser\fR nobody and \fIgroup\fR nogroup, saving CmII data to /tmp/output.txt with \fIdebug\fRging to standard out:
.LP 
\fBlea_collector\fR
\fB\-t\fR /tmp/output.txt
\fB\-u\fR nobody
\fB\-g\fR nogroup
\fB\-D\fR stdout
.LP 
To run \fBlea_collector\fR(8) saving CmII data to cmii.txt, CmC data to cmc.pcap, with \fIcmii port\fR 1234, \fIcmc port\fR 1235, listening only on localhost (127.0.0.1), and logging to a file:
.LP 
\fBlea_collector\fR
\fB\-t\fR cmii.txt
\fB\-f\fR cmc.pcap
\fB\-m\fR 1235
\fB\-n\fR 1234
\fB\-b\fR 127.0.0.1
\fB\-D\fR stdout
\fB\-l\fR 5
\fB\-L\fR /tmp/lea_collector.log
.SH "AUTHORS"
.LP 
Manish Karir <mkarir@merit.edu>
.br 
Jesse Norell <jesse@kci.net>
.SH "SEE ALSO"
.LP 
\fIcontroller\fR(8), \fIcollector\fR(8), \fIdf_collector\fR(8),
\fIopencalea\fR(8), \fItap\fR(8)
.LP 
\fIlea_collector.conf\fR(5), \fIopencalea.conf\fR(5)
.LP 
http://www.opencalea.org/
.SH "STANDARDS"
.LP 
OpenCALEA conforms to the following standards, which are intended to provide "safe harbor" as per Section 107 of CALEA, Public Law 103\-414.
.LP 
ATIS\-1000013.2007,
Lawfully Authorized Electronic Surveillance (LAES) for Internet Access and Services.
.LP 
ATIS\-PP\-1000678.2006,
Lawfully Authorized Electronic Surveillance (LAES) for Voice over
Packet Technologies in Wireline Telecommunications Networks, Version 2.
.SH "SECURITY"
.LP 
\fBlea_collector\fR(8) currently has no authentication to or from its \fBtap\fR(8) clients, no encryption of the data sent, and only supports udp transport.  This leaves it wide open to packet spoofing and eavesdropping if on a public network.  A vpn link between the \fBlea_collector\fR and the OpenCALEA collection network would currently be a big step in the right direction.
.LP 
With the implementation of \fBdf_collector\fR(8), there will be a single endpoint between the DF and the CF, and the capabilities of \fBlea_collector\fR(8) will be expanded to the full set needed as a CF.  This brings new possibilities for improvement, as well as new security issues to address.
.LP 
\fBlea_collector\fR(8) can, and should, be run as a non\-root \fIuser\fR.
.LP 
If you only have one machine performing all OpenCALEA functions, use \fB\-b\fR to bind to the localhost address.
.SH "BUGS"
.LP 
Please report all bugs to the OpenCALEA mailing list at:
.IP 
<opencalea@merit.edu>
